Companies Battle Cyberattacks Using 'Hack Back'

CNBC's Scott Cohn reports on the dangerous cyber territory known as "hack back," when the victim of a cyberattack fights back. HBGary Founder, Greg Hoglund, says companies are taking matters into their own hands.

"When I think of hack back, I think of more of a counterstrike, or a mitigative action to stop an imminent or ongoing attack. You're not going out and trying to find trouble, you're in trouble and trying to stop the pain right then," he said.

A hack back could mean a company shutting down a cyberattack already in progress, or hacking into a cybercriminals' network to delete or alter information that's already been stolen.

The bad guys are so pervasive, according to Hoglund, that some companies are taking matters into their own hands. Victims of attacks are fighting back by hacking the hackers where the hacker becomes the hackee.

But this new way of fighting cybercrime is in legally uncharted territory.

"Reverse hacking is a felony in the United States, just as the initial hacking was. It's sort of like, if someone steals your phone, it doesn't mean you're allowed to break into their house and take it back," Fordham University law professor Joel Reidenberg told CNBC.

But Reidenberg said law enforcement is unlikely to detect or prosecute a hack back. "If the only organization that gets harmed is a number of criminals' computers, I don't think it would be of great interest to law enforcement."

CNBC's Gary Kaminsky spent time with SEC's Bruce Karpati to learn more about his division, which investigates allegations of fraud committed by investment advisers. Kaminsky reports that if you're breaking the law, the agency will find you.